User: Password:
Subscribe / Log in / New account

Google Chrome and master passwords

Google Chrome and master passwords

Posted May 20, 2010 10:23 UTC (Thu) by ThinkRob (subscriber, #64513)
Parent article: Google Chrome and master passwords

This is a little silly IMHO, but not entirely unprecedented. Sadly, there seems to be more and more of a move towards building software to "protect the users from themselves".

It's the user's responsibility to make sure that they trust the folks who use their box, plain and simple. If you [the software developer] really, really, _really_ want to shield fools from themselves, then build in "keychain" functionality but just disable it by default. Why deprive sane users of a feature just because some users can't figure out how to use it in a safe, effective manner?

Chrome's stance is like the Linux kernel developers deciding to strip out swap support because some folks could use a laptop with an unencrypted swap partition.

(Log in to post comments)

Google Chrome and master passwords

Posted May 20, 2010 15:32 UTC (Thu) by AndreE (guest, #60148) [Link]

what ever happened to secure by default.

Leaving your site passwords in plaintext is just stupid. Stupid enough for them NOT to do it on windows.

Google Chrome and master passwords

Posted May 21, 2010 13:35 UTC (Fri) by jwarnica (guest, #27492) [Link]

Well... The question really is "whose job is it to provide security against remote or local physical attacks?"

Chrome doesn't do RAID, it doesn't do tape backups, it doesn't patch the OS with updates. Such services and tasks are clearly something else's problem.

Disk encryption exists, if currently unusual. Locking screensavers are everywhere, if not always used.

Users have the ability, today, to protect against the attacks that a browser master lock also provide.

A browser master lock is:
- not going to be as effective (system based security would both protect against more things, and likely be technically better as its importance would get it more attention from devs and testers)
- be annoying to those using other locks (I hate the gnome keyring thing, for example. I just logged in to my account, and you want me to log in again?)

Google Chrome and master passwords

Posted May 22, 2010 8:37 UTC (Sat) by tzafrir (subscriber, #11501) [Link]

A browser "master lock" is optional. If you don't trust the browser, don't store passwords with it.

If I don't want to install a different password (and copy/paste passwords, which may expose them on the clipboard), what should I do?

Google Chrome and master passwords

Posted May 22, 2010 21:52 UTC (Sat) by dlang (subscriber, #313) [Link]

option 1
remember your passwords yourself and type them

option 2
have an application, device remember your passwords but type them, don't copy-n-paste them

option 3
get a browser plugin that generates a password based on the website and what you type so that you don't have to remember a different password per website, but each website gets a different password

Google Chrome and master passwords

Posted May 22, 2010 18:07 UTC (Sat) by salimma (subscriber, #34460) [Link]

On Fedora, at least, the Gnome keyring is unlocked automatically when you login. The KDE wallet on openSUSE, on the other hand, *does* require manual unlocking.

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds